Re: [PATCH] hwmon: (ina3221): tighten attribute sysfs permissions

[Guenter Roeck]

On Thu, Nov 17, 2022 at 04:39:20PM +0800, Ninad Malwade wrote:
> The INA3221 device provides voltage and current measurements for
> various power rails, including the CPU rail, on at least some Jetson
> boards. This raises the possibility of the Platypus attack being relevant
> to Jetson. To prevent this possibility, modify all attribute
> channel permissions so that only root can access the values.

NACK. The hwmon ABI expects all attributes to be readable for everyone.
Forcing userspace to have root privilege to read sensor values just moves
the attack vector into the affected applications.

You have a number of options:

1) Make the values reported vague enough to be useless for attacks
2) Remove the attributes
3) Remove the driver

2) and 3) are obviously unacceptable here. Your option would be to
disable the driver on the affected system.

Having said that, for me to accept any driver change, you would have to
prove that the values reported by the chip are really accurate enough to
be useful in any attack (most chips do not deliver that level of accuracy).
A generic statement along the line of "raises the possibility" is
insufficient.

> This is logically equivalent to 949dd0104c49 ("powercap: restrict energy
> meter to root access") upstream.
 
The change in the powercap driver is not hwmon ABI related and
irrelevant. If you look for an example, use commit 9049572fb145
("hwmon: Remove amd_energy driver").

Guenter